CVE-2025-8535: Cross Site Scripting in cronoh NanoVault
A vulnerability, which was classified as problematic, has been found in cronoh NanoVault up to 1.2.1. This issue affects the function executeJavaScript of the file /main.js of the component xrb URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8535: Cross Site Scripting in cronoh NanoVault
Description
A vulnerability, which was classified as problematic, has been found in cronoh NanoVault up to 1.2.1. This issue affects the function executeJavaScript of the file /main.js of the component xrb URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-08-04T12:01:02.830Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 689154afad5a09ad00e46822
Added to database: 8/5/2025, 12:47:43 AM
Last updated: 8/5/2025, 12:47:43 AM
Views: 1
Related Threats
CVE-2025-8537: Allocation of Resources in Axiomatic Bento4
MediumCVE-2025-54871: CWE-284: Improper Access Control in steveseguin electroncapture
MediumCVE-2025-54870: CWE-636: Not Failing Securely ('Failing Open') in leakingmemory vtun-ng
HighCVE-2025-54865: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in FTB-Gamepedia Tilesheets
HighCVE-2025-54804: CWE-190: Integer Overflow or Wraparound in Eugeny russh
MediumActions
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.